CVE-2025-0743

Medium CVSS: 5.3

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obtain information about the visits made by other users. The information provided by this endpoint includes IP address, userAgent and location of the user that visited the web page.

Vendor

Thesamur

Product

Embedai

CWE

CWE-284

Yayın Tarihi

2025-01-30 12:15:27

Güncelleme

2025-10-08 19:18:43

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-284 Embedai MEDIUM Thesamur 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-embedai

Benzer Kayıtlar

Medium

CVE-2025-0746

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an aut…

High

CVE-2025-0747

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attack…

Medium

CVE-2025-0742

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authentic…

High

CVE-2025-0744

an Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authentic…

High

CVE-2025-0745

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authentic…

High

CVE-2025-0739

An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authentic…